Wants to use ComboFix

Solved/Closed
Dina - 7 Jul 2013 at 13:47
billmaxime Posts 49931 Registration date Sunday 20 November 2011 Status Contributor Last seen 25 April 2024 - 21 Jul 2013 at 16:01
Hello,

I would like to run ComboFix, but I know it is not to be used just like that.

Could you guide me so that I can clean my PC safely?

The HijackThis report is as follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:46:50, on 07/07/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)

FIREFOX: 4.0.1 (fr)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Sofia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WD0X8JYL\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1542961045-3789473309-3416228415-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] C:\Program Files\Orange\Media Player\Media Player.exe /systray (User '?')
O4 - HKUS\S-1-5-18\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray (User '?')
O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] C:\Program Files\Orange\Media Player\Media Player.exe /systray (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: Avira Planificateur (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Protection temps réel (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (BthServ) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Configuration automatique de réseau câblé (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

30 replies

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last seen 15 December 2020 24 629
7 Jul 2013 at 13:51
Hi,

Why do you want to use it?
3
billmaxime Posts 49931 Registration date Sunday 20 November 2011 Status Contributor Last seen 25 April 2024 5 946
7 Jul 2013 at 13:54
hi

you have 2 AVs (avast and avira); uninstall avira>>uninstall avira

then please do this

download zhpdiag to your desktop (diagnostic tool)

the link https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

the tutorial http://www.security-helpzone.com/forum/Thread-ZHPDiag-Generer-un-rapport

vista-w7-w8 users: run as administrator (right-click)

to start the scan, click the magnifying glass with the + (2nd button at the top left)

the report will appear on your desktop and in C:\zhpdiag.txt

post the report via this link https://www.cjoint.com/

@+

3
billmaxime Posts 49931 Registration date Sunday 20 November 2011 Status Contributor Last seen 25 April 2024 5 946
8 Jul 2013 at 05:44
hi Dina,

please do this

Download roguekiller to your desktop

The link https://www.luanagames.com/index.fr.html

The tutorial http://tigzyrk.blogspot.be/2012/10/fr-roguekiller-tutoriel-officiel.html

Close all your running programs

Launch roguekiller (vista-w7-w8 users: run as administrator - right-click)

Let the prescan run

Click scan

The report will appear on your desktop and in C:\RKReport[#].txt

Post the report via a copy/paste

@+
1
RogueKiller V8.6.2 [Jul 5 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : Sofia [Droits d'admin]
Mode : Recherche -- Date : 07/08/2013 22:57:27
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 1 ¤¤¤
[BROK VAL] HKCR\[...]\command : () -> MANQUANT

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[75] : NtCreateSection @ 0x84437FA5 -> HOOKED (Unknown @ 0x8EA3BBC6)
[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x8444A142 -> HOOKED (Unknown @ 0x8EA3BBD0)
[Address] SSDT[289] : NtSetContextThread @ 0x844992AB -> HOOKED (Unknown @ 0x8EA3BBCB)
[Address] SSDT[314] : NtSetSecurityObject @ 0x843C6023 -> HOOKED (Unknown @ 0x8EA3BBD5)
[Address] SSDT[332] : NtSystemDebugControl @ 0x843FEEF1 -> HOOKED (Unknown @ 0x8EA3BBDA)
[Address] SSDT[334] : NtTerminateProcess @ 0x843F7173 -> HOOKED (Unknown @ 0x8EA3BB67)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8EA3BBEE)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8EA3BBF3)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 79cca1cd26ac7eca71c89eee49aa3055
[BSP] 849d38236674d148c76bfecf28a24132 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20467712 | Size: 233595 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 498882510 | Size: 233342 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_S_07082013_225727.txt >>
0
Thanks, see you
0
billmaxime Posts 49931 Registration date Sunday 20 November 2011 Status Contributor Last seen 25 April 2024 5 946
8 Jul 2013 at 23:07
0
billmaxime Posts 49931 Registration date Sunday 20 November 2011 Status Contributor Last seen 25 April 2024 5 946
8 Jul 2013 at 23:03
re

relaunch roguekiller and click deletion, then post the report

look at the image

@+
1
Hello,

RogueKiller V8.6.2 [Jul 5 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : Sofia [Droits d'admin]
Mode : Suppression -- Date : 07/09/2013 14:21:31
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[75] : NtCreateSection @ 0x84467FA5 -> HOOKED (Unknown @ 0x8F1FBA26)
[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x8447A142 -> HOOKED (Unknown @ 0x8F1FBA30)
[Address] SSDT[289] : NtSetContextThread @ 0x844C92AB -> HOOKED (Unknown @ 0x8F1FBA2B)
[Address] SSDT[314] : NtSetSecurityObject @ 0x843F6023 -> HOOKED (Unknown @ 0x8F1FBA35)
[Address] SSDT[332] : NtSystemDebugControl @ 0x8442EEF1 -> HOOKED (Unknown @ 0x8F1FBA3A)
[Address] SSDT[334] : NtTerminateProcess @ 0x84427173 -> HOOKED (Unknown @ 0x8F1FB9C7)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8F1FBA4E)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8F1FBA53)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 79cca1cd26ac7eca71c89eee49aa3055
[BSP] 849d38236674d148c76bfecf28a24132 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20467712 | Size: 233595 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 498882510 | Size: 233342 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_D_07092013_142131.txt >>
RKreport[0]_D_07082013_230119.txt;RKreport[0]_S_07082013_225727.txt;RKreport[0]_S_07082013_230255.txt
RKreport[0]_S_07082013_230742.txt;RKreport[0]_S_07092013_141941.txt
0

billmaxime Posts 49931 Registration date Sunday 20 November 2011 Status Contributor Last seen 25 April 2024 5 946
9 Jul 2013 at 19:26
hi Dina,

please do this

download adwcleaner to your desktop (click the green arrow)

the link https://toolslib.net

vista-w7-w8 users: run as administrator (right-click)

choose the deletion mode

the report will appear on your desktop and in C:\adw[S1].txt

post the report via a copy/paste

@+

1
Hi Bill,

Thanks for your help.

Here is the post:

# AdwCleaner v2.304 - Rapport créé le 09/07/2013 à 22:44:10
# Mis à jour le 03/07/2013 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : Sofia - PC-DE-SOFIA
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Sofia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71V80CQV\AdwCleaner (1).exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\Sofia\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Dossier Supprimé : C:\Users\Sofia\AppData\Roaming\DriverCure
Dossier Supprimé : C:\Users\Sofia\AppData\Roaming\ParetoLogic
Fichier Supprimé : C:\Windows\system32\roboot.exe

***** [Registre] *****

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9BF8BEF9-4DC6-45FC-9AA5-4B1311392CAD}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Supprimée : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v4.0.1 (fr)

Fichier : C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v27.0.1453.116

Fichier : C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [1311 octets] - [02/01/2013 17:39:09]
AdwCleaner[S2].txt - [505 octets] - [07/03/2013 21:54:43]
AdwCleaner[S3].txt - [3908 octets] - [07/03/2013 22:10:16]
AdwCleaner[S4].txt - [440 octets] - [09/07/2013 22:37:03]
AdwCleaner[S5].txt - [2759 octets] - [09/07/2013 22:44:10]

########## EOF - C:\AdwCleaner[S5].txt - [2819 octets] ##########

Have a good evening
0
billmaxime Posts 49931 Registration date Sunday 20 November 2011 Status Contributor Last seen 25 April 2024 5 946
Edited by billmaxime on 11/07/2013 at 18:20
re

you have been downloading from dubious sites... you have a HOSTS redirection that brought you

boxore

please do this

Download roguekiller to your desktop

The link https://www.luanagames.com/index.fr.html

The tutorial http://tigzyrk.blogspot.be/2012/10/fr-roguekiller-tutoriel-officiel.html

Close all your running programs

Launch roguekiller (vista-w7-w8 users: run as administrator - right-click)

Let the prescan run

Click scan

when the scan is done, click host RAZ (reset)>>the image

also click deletion and post the report

look at the image

The reports will appear on your desktop and in C:\RKReport[#].txt

Post the reports via a copy/paste

@+

the radiation level is higher at the Pôle emploi job centre than at Chernobyl
1
hi,

I thought I had downloaded from the right sites, sorry.

RogueKiller V8.6.2 [Jul 5 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : Sofia [Droits d'admin]
Mode : HOSTS RAZ -- Date : 07/11/2013 23:51:31
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] upstv_fr_3.exe -- C:\Users\Sofia\AppData\Local\startertv_fr_3\upstv_fr_3.exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


0.0.0.0 boxore.com
0.0.0.0 www.boxore.com
0.0.0.0 boxore.org
0.0.0.0 www.boxore.org
0.0.0.0 boxore.net
0.0.0.0 www.boxore.net
0.0.0.0 dlmanager.com
0.0.0.0 www.dlmanager.com
0.0.0.0 dlmanager.org
0.0.0.0 www.dlmanager.org
0.0.0.0 dlmanager.net
0.0.0.0 www.dlmanager.net


¤¤¤ Nouveau fichier HOSTS: ¤¤¤
127.0.0.1 localhost


Termine : << RKreport[0]_H_07112013_235131.txt >>
RKreport[0]_D_07112013_234906.txt;RKreport[0]_S_07112013_234857.txt;RKreport[0]_S_07112013_235114.txt
0
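As an added example (not code from the thread or from RogueKiller), a small Python audit of a Windows hosts file that does what the "Hosts RAZ" step above does by hand: it separates the stock loopback entries from sinkholed domains such as the boxore/dlmanager block, ranks any redirection to an outside host above them, and rebuilds the stock file the way the report's "Nouveau fichier HOSTS" section shows. The sample hosts content, the update.example.test domain and the 198.51.100.7 address are constructed for the example.

```python
"""Audit a Windows hosts file the way RogueKiller's "Hosts RAZ" step does:
separate the stock loopback entries from everything an adware installer
may have appended, then rebuild the stock file."""
import ipaddress

# Stock mappings Windows ships with (and what RogueKiller wrote back above).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Targets that make a name unreachable instead of redirecting it.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# RFC 1918 ranges; ipaddress.is_private also covers documentation ranges,
# so the LAN test is spelled out explicitly here.
LAN_NETWORKS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the first boxore/dlmanager lines from the report above,
# plus one invented redirection (hypothetical domain, RFC 5737 address) and
# one malformed line.  Not a real file from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
0.0.0.0 boxore.com
0.0.0.0 www.boxore.com
0.0.0.0 dlmanager.com www.dlmanager.com
198.51.100.7 update.example.test   # constructed: redirect to an outside host
not-an-ip something
"""


def parse_hosts(text):
    """Return (line_no, ip, hostname) tuples; comments and blank lines skipped.
    A line whose first token is not an IP address is kept with ip=None so the
    audit reports it instead of silently dropping it."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # drop trailing comment
        if not line:
            continue
        tokens = line.split()
        try:
            ip = str(ipaddress.ip_address(tokens[0]))  # normalises e.g. ::1
        except ValueError:
            entries.append((line_no, None, line))
            continue
        for host in tokens[1:]:                       # one line may map many names
            entries.append((line_no, ip, host.lower()))
    return entries


def classify(ip, host):
    """Label one mapping: default, blocked (sinkholed), redirect-local,
    redirect-external or malformed."""
    if ip is None:
        return "malformed"
    if (ip, host) in DEFAULT_ENTRIES:
        return "default"
    if ip in SINKHOLE_ADDRESSES:
        return "blocked"
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_link_local or any(addr in n for n in LAN_NETWORKS):
        return "redirect-local"
    return "redirect-external"


SEVERITY = {"redirect-external": 0, "redirect-local": 1, "malformed": 2, "blocked": 3}


def audit(text):
    """Return (line_no, ip, host, verdict) for every non-stock entry, most
    dangerous first: a redirection to an outside host outranks a sinkholed
    vendor domain like the boxore.* lines."""
    findings = [(n, ip, host, classify(ip, host)) for n, ip, host in parse_hosts(text)]
    findings = [f for f in findings if f[3] != "default"]
    findings.sort(key=lambda f: (SEVERITY[f[3]], f[0]))
    return findings


def reset_hosts(text):
    """Rebuild the file keeping comments and stock entries only; the result
    matches the "Nouveau fichier HOSTS" the report shows after the reset."""
    kept = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(raw)
            continue
        parsed = parse_hosts(raw)
        if parsed and all(classify(ip, host) == "default" for _, ip, host in parsed):
            kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for line_no, ip, host, verdict in audit(SAMPLE_HOSTS):
        print(f"line {line_no:>2}  {verdict:<17} {ip or '-':<14} {host}")
    print("--- rebuilt file ---")
    print(reset_hosts(SAMPLE_HOSTS), end="")
```

On a live machine the file to read is the one the report names, %SystemRoot%\System32\drivers\etc\hosts, and rewriting it needs administrator rights, which is why the thread insists on running the tool via right-click.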
vieu bison boiteu Posts 44278 Registered Monday 11 April 2005 Status Contributor Last activity 23 April 2024 3 550
17 Jul 2013 at 23:02
Hi Dina

Try "Toolscleaner2"
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
http://pc-system.fr/
http://www.bibou0007.com/outils-specifiques-f78/tutorial-toolscleaner-2-t375.htm

* Disconnect and close all your running applications.
* Right-click Toolscleaner2 and choose "Run as administrator"
* Click Search and let the scan finish (it can take a while).
* Click Delete to finalise.
* Click "Quit" to generate a report (and not the red cross!):
--> Post that report: it is at the root of your hard drive -> C:\TCleaner.txt
* Then finally delete Toolscleaner2 and the deletion text file

Bye
1
Hi,

Here is the report [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Users\Sofia\Documents\Mina\HijackThis: trouvé !
C:\Users\Sofia\Documents\Mina\hijackthis\HijackThis.exe: trouvé !
C:\Users\Sofia\Documents\Mina\hijackthis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Users\Sofia\Documents\Mina\hijackthis\HijackThis.exe: supprimé !
C:\Users\Sofia\Documents\Mina\hijackthis\hijackthis.log: supprimé !
C:\Users\Sofia\Documents\Mina\HijackThis: supprimé !
0
billmaxime Posts 49931 Registered Sunday 20 November 2011 Status Contributor Last activity 25 April 2024 5 946
19 Jul 2013 at 01:59
Hi again,

At the root of C:\ you have a DelFix report

O44 - LFC:[MD5.CEE4E3FD380B70F0FEE66BC7B5F50F35] - 18/07/2013 - 21:19:57 ---A- . (...) -- C:\DelFix.txt
====================================================

Mozilla Firefox 4.0.1 is not up to date >> uninstall it and download the latest version if you intend to use it

uninstall Firefox

download Firefox

Uninstall Java 7 Update 17 via Programs and Features in the Control Panel and download the latest version here https://www.java.com/fr/

Same for Adobe Reader X: download the latest version here

https://www.commentcamarche.net/telecharger/bureautique/2625-adobe-reader/
===================================================

Then do this

Run ZHPFix as administrator (right-click)

Copy all the bold text below

Click the 2nd button at the top left (paste clipboard)

Click GO at the bottom of the page and confirm with Yes to start the data cleanup

The report will appear on your desktop and in C:\zhpfix.txt

Post the report via this link https://www.cjoint.com/

The text to copy


R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/ =>Toolbar.Yahoo
O4 - GS\Desktop: CCleaner - Raccourci.lnk . (...) -- C:\Users\Sofia\Desktop\CCleaner\CCleaner.exe (.not file.) =>Piriform Ltd
O4 - GS\Desktop: CCleaner.lnk . (...) -- C:\Users\Mina\Desktop\CCleaner\CCleaner.exe (.not file.) =>Piriform Ltd
[HKCU\Software\AppDataLow\Software\Yahoo] =>Toolbar.Yahoo
[HKCU\Software\Yahoo] =>Toolbar.Yahoo
O43 - CFD: 13/09/2008 - 21:29:44 - [1,282] ----D C:\Program Files\Yahoo! =>Toolbar.Yahoo
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (Web Search) - http://startsear.ch
O69 - SBI: SearchScopes [HKCU] {E8495729-90EE-4C2F-9D0D-0D885E1FC19E} - (Yahoo! Search) - https://search.yahoo.com/ =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
SS - | Auto 01/12/2011 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SS - | Auto 01/12/2011 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

SysRestore
FirewallRAZ
EmptyCLSID
EmptyTemp
EmptyFlash


See you
1
Hi there,

How are you?

Here is the report http://cjoint.com/?CGtrRAhPimW and thank you very much

See you
0
billmaxime Posts 49931 Registered Sunday 20 November 2011 Status Contributor Last activity 25 April 2024 5 946
Edited by billmaxime on 21/07/2013 at 12:18
Hi Dina,

I just got some news about "delfix"...

You have to run DelFix without ticking the "Purge system restore" box

Do the test (ticking the other boxes) and post the report you get
Thanks

See you

The radiation level is higher at the job centre than at Chernobyl
1
Hi there,

There, I managed it; here is the report
# DelFix v10.4 - Rapport créé le 21/07/2013 à 14:58:19
# Mis à jour le 19/07/2013 par Xplode
# Nom d'utilisateur : Sofia - PC-DE-SOFIA
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...


~ Sauvegarde de la base de registre ... OK

~ Réinitialisation des paramètres système ... OK

########## - EOF - ##########

Thanks
0
Hello and thank you, here is the report

http://pjjoint.malekal.com/files.php?id=ZHPDiag_20130707_e11l14g14h13i15
0
billmaxime Posts 49931 Registered Sunday 20 November 2011 Status Contributor Last activity 25 April 2024 5 946
10 Jul 2013 at 06:54
Hi Dina,

No problem about the help ^^

Relaunch the 2 AdwCleaner executables (AdwCleaner (1).exe) and choose Uninstall

Then please do this

Download MBAM to your desktop

The link https://www.malwarebytes.com/ (take the free one)

The tutorial https://www.donnemoilinfo.com/tuto/Malwarebytes-Anti-Malware/

Run it as administrator (right-click)
Update it (3rd button)

Do a full scan (all drives)

The scan can take about 2 hours (let it work)

If MBAM finds something, delete the selection (see tutorial, page 2)

Post the report via copy/paste

The report will appear on your desktop and in MBAM's Reports/Logs

See you
0
Hi

Here is the report

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.07.10.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sofia :: PC-DE-SOFIA [administrateur]

10/07/2013 22:52:31
mbam-log-2013-07-10 (22-52-31).txt

Type d'examen: Examen complet (C:\|D:\|F:\|H:\|I:\|J:\|K:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 504157
Temps écoulé: 1 heure(s), 37 minute(s), 21 seconde(s)

Processus mémoire détecté(s): 1
C:\Program Files\Startertv\startertv_fr_3.exe (Adware.Tuto4PC) -> 5492 -> Suppression au redémarrage.

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 8
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Mis en quarantaine et supprimé avec succès.
HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (PUP.WebCake) -> Mis en quarantaine et supprimé avec succès.
HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (PUP.WebCake) -> Mis en quarantaine et supprimé avec succès.
HKCR\WebCakeIEClient.Layers.1 (PUP.WebCake) -> Mis en quarantaine et supprimé avec succès.
HKCR\WebCakeIEClient.Layers (PUP.WebCake) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Startertv (Adware.Tuto4PC) -> Données: "C:\Program Files\Startertv\startertv_fr_3.exe" -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 2
C:\Program Files\Startertv\startertv_fr_3.exe (Adware.Tuto4PC) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> Mis en quarantaine et supprimé avec succès.

(fin)
0
billmaxime Posts 49931 Registered Sunday 20 November 2011 Status Contributor Last activity 25 April 2024 5 946
11 Jul 2013 at 07:47
Hi Dina,

How is the PC doing?

Can you redo a ZHPDiag by clicking the magnifying glass with the + and post the report via this link https://www.cjoint.com/

Thanks

See you
0
Rapport de ZHPDiag v2013.7.10.17 par Nicolas Coolman, Update du 10/07/2013
Run by Sofia at 11/07/2013 16:12:23
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 4.0.1
GCIE: Google Chrome v27.0.1453.116 (Defaut)
OBIE: Safari v5.33.18.5

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v3.23 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 112 GB (49%) free of 228 GB

---\\ Logged in mode
~ Computer Name: PC-DE-SOFIA
~ User Name: Sofia
~ All Users Names: UpdatusUser, Sofia, Mina, Administrateur, Admin,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Sofia\AppData\Roaming\
~ %Desktop% : C:\Users\Sofia\Desktop\
~ %Favorites% : C:\Users\Sofia\Favorites\
~ %LocalAppData% : C:\Users\Sofia\AppData\Local\
~ %StartMenu% : C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 112 Go of 228 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 222 Go of 228 Go)
F:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
~ Security Center: 35 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.6A25377A76479A0C0BF3DB6FC42FE09A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/05/2013 - 23:28:26.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/358
~ Mes musiques (My Musics) : 7/9025
~ Mes Videos (My Videos) : 1/14
~ Mes Favoris (My Favorites) : 1/277
~ Mes Documents (My Documents) : 1/1079
~ Mon Bureau (My Desktop) : 4/3264
~ Menu demarrer (Programs) : 0/40
~ Hidden Files: Scanned in 00mn 16s



---\\ Processus lancés
[MD5.BF899F57858B8C6F162D9EEB2370641C] - (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\WerCon.exe [1143296] [PID.2440]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3056]
[MD5.CD0B65BB966D2C7511174CD9B7272D26] - (...) -- C:\Users\Sofia\AppData\Local\startertv_fr_3\upstv_fr_3.exe [2082664] [PID.264] =>Adware.StarterTV
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.2820]
[MD5.1432BA058B2385392DA1593BFC859DDB] - (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe [221680] [PID.1640] =>Toolbar.DeltaSearch
[MD5.67EE46FD4D3B56531C5DD1BDC149275A] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757400] [PID.3484]
[MD5.5463971AE736655EC8BD4198B46CE29D] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe [812424] [PID.2548]
[MD5.E121530C2838C67C06A6AE0AEDC13B72] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7693824] [PID.496]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.4208]
[MD5.84B3C0476D17C9A44DB4C9256A7E2844] - (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe [1496472] [PID.4100]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\system32\nvvsvc.exe [639776] [PID.968]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.980]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1360]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1804]
[MD5.D72B2DAE9E73C58D6E09C3D782AA1E23] - (.Pas de propriétaire - MemCheck.Service.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672] [PID.2464]
[MD5.62B7936F9036DD6ED36E6A7EFA805DC0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63928] [PID.2508]
[MD5.3845B6555DE995F6C0C07AE2ABCC0532] - (.Pas de propriétaire - ALaunchSvc Image.) -- C:\Acer\ALaunch\ALaunchSvc.exe [50688] [PID.2552]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.2604]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2620]
[MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2832]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2916]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2936]
[MD5.C1C132455200AD4704142442C89D0FA4] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247] [PID.3072]
[MD5.59FCCAF915BA89DD98CADF08DA91AFEE] - (.Acer Inc. - eRecoveryService.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344] [PID.3348]
[MD5.A1545B731579895D8CC44FC0481C1192] - (.Microsoft Corporation - Service de la passerelle de la couche Appli.) -- C:\Windows\System32\alg.exe [59392] [PID.3780]
[MD5.97D9D6A04E3AD9B6C626B9931DB78DBA] - (.Microsoft Corporation - Programme d'installation de modules Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [39424] [PID.4260]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www1.delta-search.com =>Toolbar.DeltaSearch
G0 - GCSP: Preference [User Data\Default] http://www1.delta-search.com =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.4 (Désactivé)
~ Google Browser: 9 Legitimates Filtered in 00mn 08s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\prefs.js
C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\user.js
M3 - MFPP: Plugins - [Sofia] -- C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [Sofia] -- C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\searchplugins\delta.xml
M0 - MFSP: prefs.js [Sofia - ifdqxd5d.default] r_pref("browser.startup.homepage", );
M2 - MFEP: prefs.js [Sofia - ifdqxd5d.default\jid1-yZwVFzbsyfMrqQ@jetpack] [] Lavasoft Search Plugin v0.6 (..)
M2 - MFEP: prefs.js [Sofia - ifdqxd5d.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.4.8.20120412011105 (..)
P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=3] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll =>Toolbar.DeltaSearch
P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=9] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll =>Toolbar.DeltaSearch
P2 - FPN: [HKLM] [@xmlauthor.com/downloads] - (.XMLAuthor Inc. - ~Mirage 6.1.58.0 Plugin for Visual Mirage Projects.) -- C:\Windows\system32\npmirage.dll
~ Firefox Browser: 31 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Amazon.com, Inc. - Amazon MP3 Downloader Plugin 1.0.17.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 0.0.0.0 boxore.com =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.boxore.com =>Adware.Boxore
O1 - Hosts: 0.0.0.0 boxore.org =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.boxore.org =>Adware.Boxore
O1 - Hosts: 0.0.0.0 boxore.net =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.boxore.net =>Adware.Boxore
O1 - Hosts: 0.0.0.0 dlmanager.com
O1 - Hosts: 0.0.0.0 www.dlmanager.com
O1 - Hosts: 0.0.0.0 dlmanager.org
O1 - Hosts: 0.0.0.0 www.dlmanager.org
O1 - Hosts: 0.0.0.0 dlmanager.net
O1 - Hosts: 0.0.0.0 www.dlmanager.net
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 31



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [tuto4pc_fr_45] Clé orpheline =>PUP.Eorezo
O4 - HKLM\..\Run: [FrameFox Extensions] . (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe =>Toolbar.DeltaSearch
O4 - HKLM\..\RunOnce: [upstv_fr_3.exe] . (...) -- C:\Users\Sofia\AppData\Local\startertv_fr_3\upstv_fr_3.exe =>Adware.StarterTV
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] . (.Orange - Media Player.) -- C:\Program Files\Orange\Media Player\Media Player.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] . (.Time Information Services Ltd. - PC Sync.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
O4 - HKUS\S-1-5-18\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] . (.Orange - Media Player.) -- C:\Program Files\Orange\Media Player\Media Player.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [OrangePlayer] . (.Orange - Media Player.) -- C:\Program Files\Orange\Media Player\Media Player.exe
O4 - HKUS\S-1-5-21-1542961045-3789473309-3416228415-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}\SafariIco.exe
O4 - GS\QuickLaunch: EVEREST Home Edition.lnk . (...) -- C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Video Converter.lnk . (...) -- C:\Program Files\VideoConverter\VideoConverter.exe (.not file.)
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\SendTo: AVS Mobile Uploader.lnk . (.Online Media Technologies Ltd. - AVS Mobile Uploader.) -- C:\Program Files\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe
O4 - GS\SendTo: AVS Video Burner.lnk . (.Online Media Technologies Ltd. - AVS Video Burner.) -- C:\Program Files\Common Files\AVSMedia\BurnerService\AVSVideoBurner.exe
O4 - GS\SendTo: AVS Video Uploader.lnk . (.Online Media Technologies Ltd. - AVS Video Uploader.) -- C:\Program Files\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.exe
O4 - GS\Desktop: 1. Windows Live Messenger.lnk . (.Microsoft Corporation - Raccourci Windows Live Messenger.) -- C:\Users\Sofia\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
O4 - GS\Desktop: AVS Video Converter.lnk . (.Online Media Technologies Ltd. - Video Converter.) -- C:\Program Files\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
O4 - GS\Desktop: MP Manager.lnk . (.MPMAN - MP Manager.) -- C:\Users\Sofia\AppData\Roaming\MPMAN\MP Manager\MP Manager.exe
O4 - GS\Desktop: OpenOffice.org.lnk . (.OpenOffice.org - OpenOffice.org 3.0.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
O4 - GS\Desktop: WBFS Manager 3.0.lnk . (...) -- C:\Program Files\WBFS\WBFS Manager 3.0\WBFSManager.exe
O4 - GS\Desktop: CCleaner - Raccourci.lnk . (...) -- C:\Users\Sofia\Desktop\CCleaner\CCleaner.exe (.not file.) =>Piriform Ltd
O4 - GS\Desktop: QuickSFV.lnk . (.Mercedes - QuickSFV.) -- C:\Program Files\QuickSFV\QuickSFV.exe
O4 - GS\Desktop: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - GS\Desktop: CCleaner.lnk . (...) -- C:\Users\Mina\Desktop\CCleaner\CCleaner.exe (.not file.) =>Piriform Ltd
~ Global Startup: Scanned in 00mn 01s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ALaunch Service (ALaunchService) . (.Pas de propriétaire - ALaunchSvc Image.) - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Duuqu Update Service (dqupdate) (dqupdate) . (.Duuqu Group - Duuqu Installer.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe =>Toolbar.DeltaSearch
O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) . (.Cyberlink Corp. - FCL Driver.) - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
~ Services: 19 Legitimates Filtered in 00mn 10s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job [870] =>Toolbar.DeltaSearch
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job [874] =>Toolbar.DeltaSearch
[MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineCore] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360] =>Toolbar.DeltaSearch
[MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineUA] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360] =>Toolbar.DeltaSearch
[MD5.71D490C463014E4FB88B8CBA700B111E] [APT] [EPUpdater] (...) -- C:\Users\Sofia\AppData\Roaming\BabSolution\Shared\BabMaint.exe [4608] =>Hijacker.BabSolution
~ Scheduled Task: 17 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: AVSDK5 - (.Authentium, Inc.) [HKLM] -- {30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}
~ Logic: 102 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BKEDV]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\CDSPN]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Duuqu] =>Toolbar.DeltaSearch
[HKCU\Software\MGS]
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\ScreenSaver.com]
[HKCU\Software\TutoTag] =>Spyware.AgenceExcusive
[HKCU\Software\Tutorials] =>Spyware.AgenceExcusive
[HKCU\Software\XMLAuthor Inc.]
[HKCU\Software\dclean]
[HKCU\Software\edc]
[HKCU\Software\tuto4pc] =>PUP.Eorezo
[HKLM\Software\Boxore] =>Adware.Boxore
[HKLM\Software\CDSPN]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Duuqu] =>Toolbar.DeltaSearch
[HKLM\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\XMLAuthor Inc.]
~ Key Software: 243 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/07/2013 - 01:55:02 - [2,117] ----D C:\Program Files\Duuqu =>Toolbar.DeltaSearch
O43 - CFD: 11/07/2013 - 01:55:35 - [0,224] ----D C:\Program Files\FrameFox
O43 - CFD: 02/12/2010 - 20:07:41 - [0,004] ----D C:\Program Files\PokerStars
O43 - CFD: 02/12/2010 - 20:07:32 - [0,019] ----D C:\Program Files\PokerStars.FR
O43 - CFD: 18/05/2010 - 17:25:22 - [0,006] ----D C:\Program Files\PokerStars.NET
O43 - CFD: 11/07/2013 - 00:31:23 - [0] ----D C:\Program Files\Startertv =>Adware.StarterTV
O43 - CFD: 10/07/2013 - 23:09:59 - [3,777] ----D C:\Program Files\tuto4pc_fr_45 =>PUP.Eorezo
O43 - CFD: 21/05/2011 - 12:25:44 - [5,379] ----D C:\Program Files\Common Files\Authentium
O43 - CFD: 10/07/2013 - 22:46:41 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 10/07/2013 - 23:12:04 - [1,044] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 10/07/2013 - 22:47:37 - [1,918] ----D C:\Users\Sofia\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 10/07/2013 - 22:46:41 - [0,010] ----D C:\Users\Sofia\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 11/07/2013 - 01:55:02 - [0] ----D C:\Users\Sofia\AppData\Local\Duuqu =>Toolbar.DeltaSearch
O43 - CFD: 10/07/2013 - 22:47:00 - [0,000] ----D C:\Users\Sofia\AppData\Local\eorezo =>PUP.Eorezo
O43 - CFD: 10/02/2013 - 23:02:20 - [0,131] ----D C:\Users\Sofia\AppData\Local\PokerStars
O43 - CFD: 10/02/2013 - 23:02:20 - [0,942] ----D C:\Users\Sofia\AppData\Local\PokerStars.FR
O43 - CFD: 10/02/2013 - 23:02:19 - [0,298] ----D C:\Users\Sofia\AppData\Local\PokerStars.NET
O43 - CFD: 11/07/2013 - 16:09:20 - [4,702] ----D C:\Users\Sofia\AppData\Local\startertv_fr_3 =>Adware.StarterTV
O43 - CFD: 10/07/2013 - 23:09:59 - [3,008] ----D C:\Users\Sofia\AppData\Local\tuto4pc_fr_45 =>PUP.Eorezo
~ 195 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 453 Legitimates Filtered in 01mn 21s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.1217BE0ECAAB2A73C7581090C3D9C598] - 11/07/2013 - 14:19:22 ---A- . (...) -- C:\Windows\bthservsdp.dat [12]
O44 - LFC:[MD5.3FFBEE694566CADB0A64D8A1ACD7DBCE] - 28/06/2013 - 11:16:50 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O44 - LFC:[MD5.FAF091AA45A6A6CF3CF94FE065950956] - 28/06/2013 - 11:16:50 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
~ Files: 20 Legitimates Filtered in 00mn 07s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 21 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\Firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Launcher.exe> <>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Web Search) - http://startsear.ch
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} - (Zumie Search) - http://www.zumie.com
O69 - SBI: SearchScopes [HKCU] {E8495729-90EE-4C2F-9D0D-0D885E1FC19E} - (Yahoo! Search) - http://search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.2D8C8050E54766902818BAD38D07C70E] [SPRF][21/05/2011] (...) -- C:\Users\Sofia\AppData\Local\d3d9caps.dat [8268]
[MD5.2534DAAF0610700C74BBCAD6A46E1E96] [SPRF][24/01/2009] (...) -- C:\Users\Sofia\AppData\LocalLow\prvlcl.dat [1052280]
[MD5.0FB6D382FA5FBF72D05FC2A4503B7DF2] [SPRF][10/07/2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Users\Sofia\Desktop\malwarebytes-anti-malware.exe [10156344]
[MD5.39AB3591CD37F26ACD0E5DA5157CCBC3] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\catalog.dat [2504]
[MD5.605B554657988C0FDD77B9F226F4D8B3] [SPRF][10/03/2010] (.Symantec Corporation - Symantec Engine Common Object Model Server.) -- C:\Windows\Downloaded Program Files\ecmsvr32.dll [259440]
[MD5.919772D7F67C99674D85965268D2A901] [SPRF][08/09/2008] (.Kiwee - Installer Control.) -- C:\Windows\Downloaded Program Files\InstallerControl.dll [204800]
[MD5.7E6B506E93FA06BFE7148E2D526CD675] [SPRF][10/03/2010] (.Symantec Corporation - AV Engine.) -- C:\Windows\Downloaded Program Files\naveng32.dll [177520]
[MD5.EB4830A250D7D6AF1FD73F2874D96241] [SPRF][10/03/2010] (.Symantec Corporation - AV Engine.) -- C:\Windows\Downloaded Program Files\navex32a.dll [1647984]
[MD5.5ADC8BBD043787A49C894347B8CF330D] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\scrauth.dat [97776]
[MD5.D625CB7C74DEE36AE74FFBC5B7A385B2] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcdefs.dat [2352850]
[MD5.D51D7915C5EDF2EF1E40B724ACE27789] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcscan7.dat [20332948]
[MD5.2C856D48A7F05E857559B7AD422209B3] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcscan8.dat [194843]
[MD5.60AD909F0C2DC1CB461436469124EAB9] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcscan9.dat [572496]
[MD5.4038FBC57D1C1B571BB257F8E7E4CFBD] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tinf.dat [453]
[MD5.F482930D99D74BCD79CB09F2E88BB7F7] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tinfidx.dat [148]
[MD5.F3074DCEE278C0157F178495B5628EC1] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tinfl.dat [1957]
[MD5.993246013896AF95AB50E60E63801311] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tscan1.dat [73175]
[MD5.A2D94A904F1A68D21FD511614F1B85FD] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tscan1hd.dat [3811]
[MD5.15263E27416D1FB600450387D9FF9C68] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan1.dat [1032513]
[MD5.509C2FCE69FCD14A04A66AB9BF0B4E7B] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan2.dat [573078]
[MD5.B16E66380A3A2021068F27F3AD0A3480] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan3.dat [155540]
[MD5.F85E67D580637A0372FF2D25A6C1CDAD] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan4.dat [320267]
[MD5.84EA219F181E121ECA0F00458C0FCC40] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan5.dat [15577134]
[MD5.BACB275A6F1A26E510CF1D8716A7BF87] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan6.dat [396772]
[MD5.9EFF2CB50191E958215D11721CBF7C65] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan7.dat [60924267]
[MD5.A91BAB2D71C22DBD478AEEA58D51139E] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan8.dat [1126277]
[MD5.21D24B2D576DBA8E8EC1E1925513594B] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan9.dat [4662571]
[MD5.5359BBFB8A20EC94B6D028D78F0F8C25] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscant.dat [32]
[MD5.2EA09C8B4B4669C516433AE31982E259] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\zdone.dat [224]
~ Files: Scanned in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : v2.12720 - (10/07/2013)
Clés trouvées (Keys found) : 17
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 12
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Boxore] =>Adware.Boxore
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\freeze.com] =>Adware.BHO
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKCU\Software\Tuto4pc] =>PUP.Eorezo
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar] =>Toolbar.DeltaSearch
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}] =>Toolbar.eDataSecurity
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}] =>Toolbar.eDataSecurity
[HKLM\Software\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}] =>Toolbar.eDataSecurity
C:\Program Files\Duuqu =>Toolbar.DeltaSearch
C:\Program Files\FrameFox =>Toolbar.DeltaSearch
C:\Program Files\Startertv =>Adware.StarterTV
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\Sofia\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Sofia\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\Sofia\AppData\Roaming\Disk Cleaner =>Rogue.DiskCleaner
C:\Users\Sofia\AppData\Local\Duuqu =>Toolbar.DeltaSearch
C:\Users\Sofia\AppData\Local\EoRezo =>PUP.Eorezo
C:\Users\Sofia\AppData\Local\startertv_fr_3 =>Adware.StarterTV
C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch
C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\Extensions\***@*** =>Toolbar.Babylon
~ Additionnel Scan: 350939 Items scanned in 00mn 38s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 28672 | (AcerMemUsageCheckService) . (...) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SR - | Auto 03/01/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 30/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 50688 | (ALaunchService) . (...) - C:\Acer\ALaunch\ALaunchSvc.exe
SS - | Auto 01/12/2011 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SS - | Auto 01/12/2011 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 11/07/2013 98360 | (dqupdate) . (.Duuqu Group.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe =>Toolbar.DeltaSearch
SS - | Demand 11/07/2013 98360 | (dqupdatem) . (.Duuqu Group.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe =>Toolbar.DeltaSearch
SR - | Auto 10/09/2007 57344 | (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
SS - | Auto 12/04/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/04/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Demand 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 09/09/2012 821648 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 01/05/2011 311744 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 262247 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SS - | Demand 29/04/2008 572928 | (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 31/08/2007 39408 | ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) . (.Cyberlink Corp..) - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
~ Services: Scanned in 00mn 01s



---\\ Malicius Software Information
~ http://nicolascoolman.webs.com/apps/blog/show/29259213-adware-startertv =>Adware.StarterTV
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/30068076-pup-paretologic =>PUP.Paretologic
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>Spyware.AgenceExclusive
~ MSI: 11 link(s) detected in 00mn 01s



~ 1515 Legitimates filtered by white list
End of the scan (567 lines in 03mn 11s)(0)
billmaxime - 11 July 2013 at 23:59
re

rerun RogueKiller, click on Scan, then post the report

thanks

see you
Hi, here it is

RogueKiller V8.6.2 [Jul 5 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : Sofia [Droits d'admin]
Mode : HOSTS RAZ -- Date : 07/12/2013 00:06:17
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Nouveau fichier HOSTS: ¤¤¤
127.0.0.1 localhost


Termine : << RKreport[0]_H_07122013_000617.txt >>
RKreport[0]_S_07122013_000608.txt
billmaxime - 12 July 2013 at 09:03
hi Dina

you ran RogueKiller in HOSTS RAZ mode (Mode : HOSTS RAZ -- Date : 07/12/2013 00:06:17)

and I just wanted you to run it in "scan" mode, but the report is clean

please do this

redo a full scan with MBAM and delete everything it finds

ps: update it before starting the scan (3rd button)

and don't download anything else until we've finished disinfecting

thanks

see you
Good evening,

I don't think I did too much damage....

Here is the scan

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.07.12.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sofia :: PC-DE-SOFIA [administrateur]

12/07/2013 23:43:11
mbam-log-2013-07-12 (23-43-11).txt

Type d'examen: Examen complet (C:\|D:\|F:\|H:\|I:\|J:\|K:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 501415
Temps écoulé: 1 heure(s), 28 minute(s), 58 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Boxore (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

Thanks and have a good evening
billmaxime - 13 July 2013 at 08:16
hi Dina

how is the PC doing?

can you redo a ZHPDiag for me by clicking on the magnifying glass with the + and post the report

via this link https://www.cjoint.com/

thanks

see you
Hi,

here is the report; otherwise my PC is doing better, but I get ads that open every time I open a page.

Rapport de ZHPDiag v2013.7.10.17 par Nicolas Coolman, Update du 10/07/2013
Run by Sofia at 13/07/2013 16:50:44
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 4.0.1
GCIE: Google Chrome v27.0.1453.116 (Defaut)
OBIE: Safari v5.33.18.5

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v3.23 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 112 GB (48%) free of 228 GB

---\\ Logged in mode
~ Computer Name: PC-DE-SOFIA
~ User Name: Sofia
~ All Users Names: UpdatusUser, Sofia, Mina, Administrateur, Admin,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Sofia\AppData\Roaming\
~ %Desktop% : C:\Users\Sofia\Desktop\
~ %Favorites% : C:\Users\Sofia\Favorites\
~ %LocalAppData% : C:\Users\Sofia\AppData\Local\
~ %StartMenu% : C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 112 Go of 228 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 222 Go of 228 Go)
F:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
~ Security Center: 35 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.EA952A5C277CABCBA69EA806146BB984] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.29/05/2013 - 02:41:08.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/358
~ Mes musiques (My Musics) : 7/9025
~ Mes Videos (My Videos) : 1/14
~ Mes Favoris (My Favorites) : 1/278
~ Mes Documents (My Documents) : 1/1079
~ Mon Bureau (My Desktop) : 4/3269
~ Menu demarrer (Programs) : 0/40
~ Hidden Files: Scanned in 00mn 25s



---\\ Processus lancés
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.2872]
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2884]
[MD5.1432BA058B2385392DA1593BFC859DDB] - (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe [221680] [PID.2896] =>Toolbar.DeltaSearch
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3648]
[MD5.EE12BA876C4190532A4085994BA9B616] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757400] [PID.2348]
[MD5.5463971AE736655EC8BD4198B46CE29D] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe [812424] [PID.4148]
[MD5.84B3C0476D17C9A44DB4C9256A7E2844] - (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe [1496472] [PID.5412]
[MD5.E121530C2838C67C06A6AE0AEDC13B72] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7693824] [PID.4904]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.4572]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\system32\nvvsvc.exe [639776] [PID.1036]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.1052]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1424]
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.1560]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1912]
[MD5.D72B2DAE9E73C58D6E09C3D782AA1E23] - (.Pas de propriétaire - MemCheck.Service.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672] [PID.2564]
[MD5.62B7936F9036DD6ED36E6A7EFA805DC0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63928] [PID.3208]
[MD5.3845B6555DE995F6C0C07AE2ABCC0532] - (.Pas de propriétaire - ALaunchSvc Image.) -- C:\Acer\ALaunch\ALaunchSvc.exe [50688] [PID.3256]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.3308]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.3324]
[MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.3544]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.3564]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.3588]
[MD5.C1C132455200AD4704142442C89D0FA4] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247] [PID.3728]
[MD5.59FCCAF915BA89DD98CADF08DA91AFEE] - (.Acer Inc. - eRecoveryService.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344] [PID.2032]
[MD5.A1545B731579895D8CC44FC0481C1192] - (.Microsoft Corporation - Service de la passerelle de la couche Appli.) -- C:\Windows\System32\alg.exe [59392] [PID.3556]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www1.delta-search.com =>Toolbar.DeltaSearch
G0 - GCSP: Preference [User Data\Default] http://www1.delta-search.com =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.4 (Désactivé)
G2 - GCE: Preference [User Data\Default] [jiofjbkodmcfkhmljgdmjcildliojoli] FrameFox v.1.3 (Activé)
~ Google Browser: 10 Legitimates Filtered in 00mn 12s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\prefs.js
C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\user.js
M3 - MFPP: Plugins - [Sofia] -- C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [Sofia] -- C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\searchplugins\delta.xml
M0 - MFSP: prefs.js [Sofia - ifdqxd5d.default] r_pref("browser.startup.homepage", );
M2 - MFEP: prefs.js [Sofia - ifdqxd5d.default\jid1-yZwVFzbsyfMrqQ@jetpack] [] Lavasoft Search Plugin v0.6 (..)
M2 - MFEP: prefs.js [Sofia - ifdqxd5d.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.4.8.20120412011105 (..)
P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=3] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll =>Toolbar.DeltaSearch
P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=9] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll =>Toolbar.DeltaSearch
P2 - FPN: [HKLM] [@xmlauthor.com/downloads] - (.XMLAuthor Inc. - ~Mirage 6.1.58.0 Plugin for Visual Mirage Projects.) -- C:\Windows\system32\npmirage.dll
~ Firefox Browser: 31 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Amazon.com, Inc. - Amazon MP3 Downloader Plugin 1.0.17.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [tuto4pc_fr_45] Clé orpheline =>PUP.Eorezo
O4 - HKLM\..\Run: [FrameFox Extensions] . (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe =>Toolbar.DeltaSearch
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] . (.Orange - Media Player.) -- C:\Program Files\Orange\Media Player\Media Player.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] . (.Time Information Services Ltd. - PC Sync.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
O4 - HKUS\S-1-5-18\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] . (.Orange - Media Player.) -- C:\Program Files\Orange\Media Player\Media Player.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [OrangePlayer] . (.Orange - Media Player.) -- C:\Program Files\Orange\Media Player\Media Player.exe
O4 - HKUS\S-1-5-21-1542961045-3789473309-3416228415-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}\SafariIco.exe
O4 - GS\QuickLaunch: EVEREST Home Edition.lnk . (...) -- C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Video Converter.lnk . (...) -- C:\Program Files\VideoConverter\VideoConverter.exe (.not file.)
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\SendTo: AVS Mobile Uploader.lnk . (.Online Media Technologies Ltd. - AVS Mobile Uploader.) -- C:\Program Files\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe
O4 - GS\SendTo: AVS Video Burner.lnk . (.Online Media Technologies Ltd. - AVS Video Burner.) -- C:\Program Files\Common Files\AVSMedia\BurnerService\AVSVideoBurner.exe
O4 - GS\SendTo: AVS Video Uploader.lnk . (.Online Media Technologies Ltd. - AVS Video Uploader.) -- C:\Program Files\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.exe
O4 - GS\Desktop: 1. Windows Live Messenger.lnk . (.Microsoft Corporation - Raccourci Windows Live Messenger.) -- C:\Users\Sofia\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
O4 - GS\Desktop: AVS Video Converter.lnk . (.Online Media Technologies Ltd. - Video Converter.) -- C:\Program Files\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
O4 - GS\Desktop: MP Manager.lnk . (.MPMAN - MP Manager.) -- C:\Users\Sofia\AppData\Roaming\MPMAN\MP Manager\MP Manager.exe
O4 - GS\Desktop: OpenOffice.org.lnk . (.OpenOffice.org - OpenOffice.org 3.0.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
O4 - GS\Desktop: WBFS Manager 3.0.lnk . (...) -- C:\Program Files\WBFS\WBFS Manager 3.0\WBFSManager.exe
O4 - GS\Desktop: CCleaner - Raccourci.lnk . (...) -- C:\Users\Sofia\Desktop\CCleaner\CCleaner.exe (.not file.) =>Piriform Ltd
O4 - GS\Desktop: QuickSFV.lnk . (.Mercedes - QuickSFV.) -- C:\Program Files\QuickSFV\QuickSFV.exe
O4 - GS\Desktop: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - GS\Desktop: CCleaner.lnk . (...) -- C:\Users\Mina\Desktop\CCleaner\CCleaner.exe (.not file.) =>Piriform Ltd
~ Global Startup: Scanned in 00mn 02s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ALaunch Service (ALaunchService) . (.Pas de propriétaire - ALaunchSvc Image.) - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Duuqu Update Service (dqupdate) (dqupdate) . (.Duuqu Group - Duuqu Installer.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe =>Toolbar.DeltaSearch
O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) . (.Cyberlink Corp. - FCL Driver.) - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
~ Services: 19 Legitimates Filtered in 00mn 55s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job [870] =>Toolbar.DeltaSearch
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job [874] =>Toolbar.DeltaSearch
[MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineCore] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360] =>Toolbar.DeltaSearch
[MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineUA] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360] =>Toolbar.DeltaSearch
~ Scheduled Task: 16 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: AVSDK5 - (.Authentium, Inc.) [HKLM] -- {30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}
~ Logic: 102 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BKEDV]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\CDSPN]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Duuqu] =>Toolbar.DeltaSearch
[HKCU\Software\MGS]
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\ScreenSaver.com]
[HKCU\Software\TutoTag] =>Spyware.AgenceExcusive
[HKCU\Software\Tutorials] =>Spyware.AgenceExcusive
[HKCU\Software\XMLAuthor Inc.]
[HKCU\Software\dclean]
[HKCU\Software\edc]
[HKCU\Software\tuto4pc] =>PUP.Eorezo
[HKLM\Software\CDSPN]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Duuqu] =>Toolbar.DeltaSearch
[HKLM\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\XMLAuthor Inc.]
~ Key Software: 242 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/07/2013 - 01:55:02 - [2,117] ----D C:\Program Files\Duuqu =>Toolbar.DeltaSearch
O43 - CFD: 11/07/2013 - 01:55:35 - [0,224] ----D C:\Program Files\FrameFox
O43 - CFD: 02/12/2010 - 20:07:41 - [0,004] ----D C:\Program Files\PokerStars
O43 - CFD: 02/12/2010 - 20:07:32 - [0,019] ----D C:\Program Files\PokerStars.FR
O43 - CFD: 18/05/2010 - 17:25:22 - [0,006] ----D C:\Program Files\PokerStars.NET
O43 - CFD: 11/07/2013 - 00:31:23 - [0] ----D C:\Program Files\Startertv =>Adware.StarterTV
O43 - CFD: 10/07/2013 - 23:09:59 - [3,777] ----D C:\Program Files\tuto4pc_fr_45 =>PUP.Eorezo
O43 - CFD: 21/05/2011 - 12:25:44 - [5,379] ----D C:\Program Files\Common Files\Authentium
O43 - CFD: 10/07/2013 - 22:46:41 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 10/07/2013 - 23:12:04 - [1,044] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 10/07/2013 - 22:47:37 - [1,918] ----D C:\Users\Sofia\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 10/07/2013 - 22:46:41 - [0,010] ----D C:\Users\Sofia\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 11/07/2013 - 01:55:02 - [0] ----D C:\Users\Sofia\AppData\Local\Duuqu =>Toolbar.DeltaSearch
O43 - CFD: 10/07/2013 - 22:47:00 - [0,000] ----D C:\Users\Sofia\AppData\Local\eorezo =>PUP.Eorezo
O43 - CFD: 10/02/2013 - 23:02:20 - [0,131] ----D C:\Users\Sofia\AppData\Local\PokerStars
O43 - CFD: 10/02/2013 - 23:02:20 - [0,942] ----D C:\Users\Sofia\AppData\Local\PokerStars.FR
O43 - CFD: 10/02/2013 - 23:02:19 - [0,298] ----D C:\Users\Sofia\AppData\Local\PokerStars.NET
O43 - CFD: 11/07/2013 - 23:44:46 - [4,702] ----D C:\Users\Sofia\AppData\Local\startertv_fr_3 =>Adware.StarterTV
O43 - CFD: 10/07/2013 - 23:09:59 - [3,008] ----D C:\Users\Sofia\AppData\Local\tuto4pc_fr_45 =>PUP.Eorezo
~ 199 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 457 Legitimates Filtered in 02mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.1217BE0ECAAB2A73C7581090C3D9C598] - 13/07/2013 - 15:01:34 ---A- . (...) -- C:\Windows\bthservsdp.dat [12]
~ Files: 43 Legitimates Filtered in 00mn 12s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 21 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\Firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Launcher.exe> <>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Web Search) - http://startsear.ch
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} - (Zumie Search) - http://www.zumie.com
O69 - SBI: SearchScopes [HKCU] {E8495729-90EE-4C2F-9D0D-0D885E1FC19E} - (Yahoo! Search) - http://search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.2D8C8050E54766902818BAD38D07C70E] [SPRF][21/05/2011] (...) -- C:\Users\Sofia\AppData\Local\d3d9caps.dat [8268]
[MD5.2534DAAF0610700C74BBCAD6A46E1E96] [SPRF][24/01/2009] (...) -- C:\Users\Sofia\AppData\LocalLow\prvlcl.dat [1052280]
[MD5.0FB6D382FA5FBF72D05FC2A4503B7DF2] [SPRF][10/07/2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Users\Sofia\Desktop\malwarebytes-anti-malware.exe [10156344]
[MD5.B9F4EFC6CA48696DA3F1567784CA1D43] [SPRF][11/07/2013] (...) -- C:\Users\Sofia\Desktop\RogueKiller.exe [915456]
[MD5.39AB3591CD37F26ACD0E5DA5157CCBC3] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\catalog.dat [2504]
[MD5.605B554657988C0FDD77B9F226F4D8B3] [SPRF][10/03/2010] (.Symantec Corporation - Symantec Engine Common Object Model Server.) -- C:\Windows\Downloaded Program Files\ecmsvr32.dll [259440]
[MD5.919772D7F67C99674D85965268D2A901] [SPRF][08/09/2008] (.Kiwee - Installer Control.) -- C:\Windows\Downloaded Program Files\InstallerControl.dll [204800]
[MD5.7E6B506E93FA06BFE7148E2D526CD675] [SPRF][10/03/2010] (.Symantec Corporation - AV Engine.) -- C:\Windows\Downloaded Program Files\naveng32.dll [177520]
[MD5.EB4830A250D7D6AF1FD73F2874D96241] [SPRF][10/03/2010] (.Symantec Corporation - AV Engine.) -- C:\Windows\Downloaded Program Files\navex32a.dll [1647984]
[MD5.5ADC8BBD043787A49C894347B8CF330D] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\scrauth.dat [97776]
[MD5.D625CB7C74DEE36AE74FFBC5B7A385B2] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcdefs.dat [2352850]
[MD5.D51D7915C5EDF2EF1E40B724ACE27789] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcscan7.dat [20332948]
[MD5.2C856D48A7F05E857559B7AD422209B3] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcscan8.dat [194843]
[MD5.60AD909F0C2DC1CB461436469124EAB9] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcscan9.dat [572496]
[MD5.4038FBC57D1C1B571BB257F8E7E4CFBD] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tinf.dat [453]
[MD5.F482930D99D74BCD79CB09F2E88BB7F7] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tinfidx.dat [148]
[MD5.F3074DCEE278C0157F178495B5628EC1] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tinfl.dat [1957]
[MD5.993246013896AF95AB50E60E63801311] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tscan1.dat [73175]
[MD5.A2D94A904F1A68D21FD511614F1B85FD] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tscan1hd.dat [3811]
[MD5.15263E27416D1FB600450387D9FF9C68] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan1.dat [1032513]
[MD5.509C2FCE69FCD14A04A66AB9BF0B4E7B] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan2.dat [573078]
[MD5.B16E66380A3A2021068F27F3AD0A3480] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan3.dat [155540]
[MD5.F85E67D580637A0372FF2D25A6C1CDAD] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan4.dat [320267]
[MD5.84EA219F181E121ECA0F00458C0FCC40] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan5.dat [15577134]
[MD5.BACB275A6F1A26E510CF1D8716A7BF87] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan6.dat [396772]
[MD5.9EFF2CB50191E958215D11721CBF7C65] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan7.dat [60924267]
[MD5.A91BAB2D71C22DBD478AEEA58D51139E] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan8.dat [1126277]
[MD5.21D24B2D576DBA8E8EC1E1925513594B] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan9.dat [4662571]
[MD5.5359BBFB8A20EC94B6D028D78F0F8C25] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscant.dat [32]
[MD5.2EA09C8B4B4669C516433AE31982E259] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\zdone.dat [224]
~ Files: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : v2.12720 - (10/07/2013)
Clés trouvées (Keys found) : 16
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 13
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\freeze.com] =>Adware.BHO
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKCU\Software\Tuto4pc] =>PUP.Eorezo
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar] =>Toolbar.DeltaSearch
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}] =>Toolbar.eDataSecurity
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}] =>Toolbar.eDataSecurity
[HKLM\Software\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}] =>Toolbar.eDataSecurity
C:\Program Files\Duuqu =>Toolbar.DeltaSearch
C:\Program Files\FrameFox =>Toolbar.DeltaSearch
C:\Program Files\Startertv =>Adware.StarterTV
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\Sofia\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Sofia\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\Sofia\AppData\Roaming\Disk Cleaner =>Rogue.DiskCleaner
C:\Users\Sofia\AppData\Local\Duuqu =>Toolbar.DeltaSearch
C:\Users\Sofia\AppData\Local\EoRezo =>PUP.Eorezo
C:\Users\Sofia\AppData\Local\startertv_fr_3 =>Adware.StarterTV
C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch
C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiofjbkodmcfkhmljgdmjcildliojoli =>Toolbar.DeltaSearch
C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\Extensions\***@*** =>Toolbar.Babylon
~ Additionnel Scan: 351251 Items scanned in 00mn 51s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 28672 | (AcerMemUsageCheckService) . (...) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SR - | Auto 03/01/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 30/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 50688 | (ALaunchService) . (...) - C:\Acer\ALaunch\ALaunchSvc.exe
SS - | Auto 01/12/2011 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SS - | Auto 01/12/2011 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 11/07/2013 98360 | (dqupdate) . (.Duuqu Group.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe =>Toolbar.DeltaSearch
SS - | Demand 11/07/2013 98360 | (dqupdatem) . (.Duuqu Group.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe =>Toolbar.DeltaSearch
SR - | Auto 10/09/2007 57344 | (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
SS - | Auto 12/04/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/04/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Demand 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 09/09/2012 821648 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 01/05/2011 311744 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 262247 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SS - | Demand 29/04/2008 572928 | (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 31/08/2007 39408 | ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) . (.Cyberlink Corp..) - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
~ Services: Scanned in 00mn 01s



---\\ Malicius Software Information
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/30068076-pup-paretologic =>PUP.Paretologic
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/29259213-adware-startertv =>Adware.StarterTV
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>Spyware.AgenceExclusive
~ MSI: 10 link(s) detected in 00mn 01s



~ 1540 Legitimates filtered by white list
End of the scan (551 lines in 05mn 22s)(0)
billmaxime - 13 July 2013 at 17:18
Hi again,

You didn't click the magnifying glass with the + >>> let's start over and do it properly.

Thanks

See you later

Sorry, I wasn't paying attention, I'm running it again, seriously this time.
Rapport de ZHPDiag v2013.7.10.17 par Nicolas Coolman, Update du 10/07/2013
Run by Sofia at 14/07/2013 00:45:16
WebSite: http://nicolascoolman.webs.com
State : Nouvelle version disponible
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 4.0.1
GCIE: Google Chrome v27.0.1453.116 (Defaut)
OBIE: Safari v5.33.18.5

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v3.23 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 112 GB (48%) free of 228 GB

---\\ Logged in mode
~ Computer Name: PC-DE-SOFIA
~ User Name: Sofia
~ All Users Names: UpdatusUser, Sofia, Mina, Administrateur, Admin,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Sofia\AppData\Roaming\
~ %Desktop% : C:\Users\Sofia\Desktop\
~ %Favorites% : C:\Users\Sofia\Favorites\
~ %LocalAppData% : C:\Users\Sofia\AppData\Local\
~ %StartMenu% : C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 112 Go of 228 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 222 Go of 228 Go)
F:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
~ Security Center: 35 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.EA952A5C277CABCBA69EA806146BB984] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.29/05/2013 - 02:41:08.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/358
~ Mes musiques (My Musics) : 7/9025
~ Mes Videos (My Videos) : 1/14
~ Mes Favoris (My Favorites) : 1/277
~ Mes Documents (My Documents) : 1/1079
~ Mon Bureau (My Desktop) : 4/3270
~ Menu demarrer (Programs) : 0/40
~ Hidden Files: Scanned in 00mn 16s



---\\ Processus lancés
[MD5.BF899F57858B8C6F162D9EEB2370641C] - (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\WerCon.exe [1143296] [PID.2256]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.2776]
[MD5.1432BA058B2385392DA1593BFC859DDB] - (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe [221680] [PID.2820] =>Toolbar.DeltaSearch
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2976]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3840]
[MD5.EE12BA876C4190532A4085994BA9B616] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757400] [PID.776]
[MD5.5463971AE736655EC8BD4198B46CE29D] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe [812424] [PID.2708]
[MD5.E121530C2838C67C06A6AE0AEDC13B72] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7693824] [PID.8152]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.6264]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\system32\nvvsvc.exe [639776] [PID.1016]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.1032]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1424]
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.1572]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1900]
[MD5.D72B2DAE9E73C58D6E09C3D782AA1E23] - (.Pas de propriétaire - MemCheck.Service.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672] [PID.2800]
[MD5.62B7936F9036DD6ED36E6A7EFA805DC0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63928] [PID.3380]
[MD5.3845B6555DE995F6C0C07AE2ABCC0532] - (.Pas de propriétaire - ALaunchSvc Image.) -- C:\Acer\ALaunch\ALaunchSvc.exe [50688] [PID.3436]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.3488]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.3504]
[MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.3716]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.3752]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.3772]
[MD5.C1C132455200AD4704142442C89D0FA4] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247] [PID.3916]
[MD5.59FCCAF915BA89DD98CADF08DA91AFEE] - (.Acer Inc. - eRecoveryService.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344] [PID.1240]
[MD5.A1545B731579895D8CC44FC0481C1192] - (.Microsoft Corporation - Service de la passerelle de la couche Appli.) -- C:\Windows\System32\alg.exe [59392] [PID.4008]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www1.delta-search.com =>Toolbar.DeltaSearch
G0 - GCSP: Preference [User Data\Default] http://www1.delta-search.com =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.4 (Désactivé)
G2 - GCE: Preference [User Data\Default] [jiofjbkodmcfkhmljgdmjcildliojoli] FrameFox v.1.3 (Activé)
~ Google Browser: 10 Legitimates Filtered in 00mn 10s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\prefs.js
C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\user.js
M3 - MFPP: Plugins - [Sofia] -- C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [Sofia] -- C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\searchplugins\delta.xml
M0 - MFSP: prefs.js [Sofia - ifdqxd5d.default] r_pref("browser.startup.homepage", );
M2 - MFEP: prefs.js [Sofia - ifdqxd5d.default\jid1-yZwVFzbsyfMrqQ@jetpack] [] Lavasoft Search Plugin v0.6 (..)
M2 - MFEP: prefs.js [Sofia - ifdqxd5d.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.4.8.20120412011105 (..)
P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=3] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll =>Toolbar.DeltaSearch
P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=9] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll =>Toolbar.DeltaSearch
P2 - FPN: [HKLM] [@xmlauthor.com/downloads] - (.XMLAuthor Inc. - ~Mirage 6.1.58.0 Plugin for Visual Mirage Projects.) -- C:\Windows\system32\npmirage.dll
~ Firefox Browser: 31 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Amazon.com, Inc. - Amazon MP3 Downloader Plugin 1.0.17.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [tuto4pc_fr_45] Clé orpheline =>PUP.Eorezo
O4 - HKLM\..\Run: [FrameFox Extensions] . (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe =>Toolbar.DeltaSearch
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] . (.Orange - Media Player.) -- C:\Program Files\Orange\Media Player\Media Player.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] . (.Time Information Services Ltd. - PC Sync.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
O4 - HKUS\S-1-5-18\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] . (.Orange - Media Player.) -- C:\Program Files\Orange\Media Player\Media Player.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [OrangePlayer] . (.Orange - Media Player.) -- C:\Program Files\Orange\Media Player\Media Player.exe
O4 - HKUS\S-1-5-21-1542961045-3789473309-3416228415-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}\SafariIco.exe
O4 - GS\QuickLaunch: EVEREST Home Edition.lnk . (...) -- C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Video Converter.lnk . (...) -- C:\Program Files\VideoConverter\VideoConverter.exe (.not file.)
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\SendTo: AVS Mobile Uploader.lnk . (.Online Media Technologies Ltd. - AVS Mobile Uploader.) -- C:\Program Files\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe
O4 - GS\SendTo: AVS Video Burner.lnk . (.Online Media Technologies Ltd. - AVS Video Burner.) -- C:\Program Files\Common Files\AVSMedia\BurnerService\AVSVideoBurner.exe
O4 - GS\SendTo: AVS Video Uploader.lnk . (.Online Media Technologies Ltd. - AVS Video Uploader.) -- C:\Program Files\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.exe
O4 - GS\Desktop: 1. Windows Live Messenger.lnk . (.Microsoft Corporation - Raccourci Windows Live Messenger.) -- C:\Users\Sofia\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
O4 - GS\Desktop: AVS Video Converter.lnk . (.Online Media Technologies Ltd. - Video Converter.) -- C:\Program Files\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
O4 - GS\Desktop: MP Manager.lnk . (.MPMAN - MP Manager.) -- C:\Users\Sofia\AppData\Roaming\MPMAN\MP Manager\MP Manager.exe
O4 - GS\Desktop: OpenOffice.org.lnk . (.OpenOffice.org - OpenOffice.org 3.0.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
O4 - GS\Desktop: WBFS Manager 3.0.lnk . (...) -- C:\Program Files\WBFS\WBFS Manager 3.0\WBFSManager.exe
O4 - GS\Desktop: CCleaner - Raccourci.lnk . (...) -- C:\Users\Sofia\Desktop\CCleaner\CCleaner.exe (.not file.) =>Piriform Ltd
O4 - GS\Desktop: QuickSFV.lnk . (.Mercedes - QuickSFV.) -- C:\Program Files\QuickSFV\QuickSFV.exe
O4 - GS\Desktop: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - GS\Desktop: CCleaner.lnk . (...) -- C:\Users\Mina\Desktop\CCleaner\CCleaner.exe (.not file.) =>Piriform Ltd
~ Global Startup: Scanned in 00mn 01s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ALaunch Service (ALaunchService) . (.Pas de propriétaire - ALaunchSvc Image.) - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Duuqu Update Service (dqupdate) (dqupdate) . (.Duuqu Group - Duuqu Installer.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe =>Toolbar.DeltaSearch
O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) . (.Cyberlink Corp. - FCL Driver.) - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
~ Services: 19 Legitimates Filtered in 00mn 13s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job [870] =>Toolbar.DeltaSearch
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job [874] =>Toolbar.DeltaSearch
[MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineCore] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360] =>Toolbar.DeltaSearch
[MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineUA] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360] =>Toolbar.DeltaSearch
~ Scheduled Task: 16 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: AVSDK5 - (.Authentium, Inc.) [HKLM] -- {30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}
~ Logic: 102 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BKEDV]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\CDSPN]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Duuqu] =>Toolbar.DeltaSearch
[HKCU\Software\MGS]
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\ScreenSaver.com]
[HKCU\Software\TutoTag] =>Spyware.AgenceExcusive
[HKCU\Software\Tutorials] =>Spyware.AgenceExcusive
[HKCU\Software\XMLAuthor Inc.]
[HKCU\Software\dclean]
[HKCU\Software\edc]
[HKCU\Software\tuto4pc] =>PUP.Eorezo
[HKLM\Software\CDSPN]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Duuqu] =>Toolbar.DeltaSearch
[HKLM\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\XMLAuthor Inc.]
~ Key Software: 242 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/07/2013 - 01:55:02 - [2,117] ----D C:\Program Files\Duuqu =>Toolbar.DeltaSearch
O43 - CFD: 11/07/2013 - 01:55:35 - [0,224] ----D C:\Program Files\FrameFox
O43 - CFD: 02/12/2010 - 20:07:41 - [0,004] ----D C:\Program Files\PokerStars
O43 - CFD: 02/12/2010 - 20:07:32 - [0,019] ----D C:\Program Files\PokerStars.FR
O43 - CFD: 18/05/2010 - 17:25:22 - [0,006] ----D C:\Program Files\PokerStars.NET
O43 - CFD: 11/07/2013 - 00:31:23 - [0] ----D C:\Program Files\Startertv =>Adware.StarterTV
O43 - CFD: 10/07/2013 - 23:09:59 - [3,777] ----D C:\Program Files\tuto4pc_fr_45 =>PUP.Eorezo
O43 - CFD: 21/05/2011 - 12:25:44 - [5,379] ----D C:\Program Files\Common Files\Authentium
O43 - CFD: 10/07/2013 - 22:46:41 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 10/07/2013 - 23:12:04 - [1,044] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 10/07/2013 - 22:47:37 - [1,918] ----D C:\Users\Sofia\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 10/07/2013 - 22:46:41 - [0,010] ----D C:\Users\Sofia\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 11/07/2013 - 01:55:02 - [0] ----D C:\Users\Sofia\AppData\Local\Duuqu =>Toolbar.DeltaSearch
O43 - CFD: 10/07/2013 - 22:47:00 - [0,000] ----D C:\Users\Sofia\AppData\Local\eorezo =>PUP.Eorezo
O43 - CFD: 10/02/2013 - 23:02:20 - [0,131] ----D C:\Users\Sofia\AppData\Local\PokerStars
O43 - CFD: 10/02/2013 - 23:02:20 - [0,942] ----D C:\Users\Sofia\AppData\Local\PokerStars.FR
O43 - CFD: 10/02/2013 - 23:02:19 - [0,298] ----D C:\Users\Sofia\AppData\Local\PokerStars.NET
O43 - CFD: 11/07/2013 - 23:44:46 - [4,702] ----D C:\Users\Sofia\AppData\Local\startertv_fr_3 =>Adware.StarterTV
O43 - CFD: 10/07/2013 - 23:09:59 - [3,008] ----D C:\Users\Sofia\AppData\Local\tuto4pc_fr_45 =>PUP.Eorezo
~ 199 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 457 Legitimates Filtered in 01mn 24s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.1217BE0ECAAB2A73C7581090C3D9C598] - 13/07/2013 - 21:37:21 ---A- . (...) -- C:\Windows\bthservsdp.dat [12]
~ Files: 43 Legitimates Filtered in 00mn 07s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.A5C9D24523855CC789435BB28146A674] - 07/07/2013 - 17:35:08 ---A- - C:\Windows\Prefetch\NEWDEV.EXE-B79B8DE5.pf
O45 - LFCP:[MD5.225DC6C0602D9AA97186B53E58685751] - 07/07/2013 - 17:36:46 ---A- - C:\Windows\Prefetch\CONTACTSEDITOR.EXE-9673B60B.pf
O45 - LFCP:[MD5.07A5AEAFE73CAD0F4DF987CD39D698F8] - 10/07/2013 - 15:06:02 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-1D987F64.pf
O45 - LFCP:[MD5.A012150AB0A9B60E65C653E9E228518C] - 12/07/2013 - 12:46:16 ---A- - C:\Windows\Prefetch\ERECOVERYSERVICE.EXE-42F19B34.pf
O45 - LFCP:[MD5.20D317E41365B46034F46FF1FD1D0D1B] - 13/07/2013 - 23:02:05 ---A- - C:\Windows\Prefetch\DUUQUCRASHHANDLER.EXE-2C9640E0.pf =>Toolbar.DeltaSearch
~ Prefetcher: 139 Legitimates Filtered in 00mn 01s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 11/07/2013 - 00:53:20 ---A- C:\Users\Sofia\AppData\Local\startertv_fr_3\user_profil.cyp [1676] =>Adware.StarterTV
O61 - LFC: 11/07/2013 - 00:53:27 ---A- C:\Users\Sofia\AppData\Local\startertv_fr_3\Download\majagexfr.exe [2845528] =>Adware.StarterTV
O61 - LFC: 11/07/2013 - 15:19:51 ---A- C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Local State [37377]
O61 - LFC: 11/07/2013 - 15:19:52 ---A- C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 11/07/2013 - 22:44:46 ---A- C:\Users\Sofia\AppData\Local\startertv_fr_3\upstv_fr_3.cyp [664] =>Adware.StarterTV
O61 - LFC: 13/09/2005 - 10:26:38 ---A- C:\Users\Sofia\Documents\SATADRV\SATADRV\AudioUtl\ikernel.ex_ [339565]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 33 Legitimates Filtered in 10mn 13s



---\\ Alternate Data Stream File (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\fqzsitbb.sys:changelist
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\tplhrqex.sys:changelist
~ ADS: Scanned in 00mn 04s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 21 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\Firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Launcher.exe> <>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Web Search) - http://startsear.ch
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} - (Zumie Search) - http://www.zumie.com
O69 - SBI: SearchScopes [HKCU] {E8495729-90EE-4C2F-9D0D-0D885E1FC19E} - (Yahoo! Search) - http://search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.2D8C8050E54766902818BAD38D07C70E] [SPRF][21/05/2011] (...) -- C:\Users\Sofia\AppData\Local\d3d9caps.dat [8268]
[MD5.0EC5546C47AF2DD2244C1305D1E6F6C3] [SPRF][13/07/2013] (...) -- C:\Users\Sofia\AppData\Local\Temp\chart_data.dat [21086]
[MD5.2534DAAF0610700C74BBCAD6A46E1E96] [SPRF][24/01/2009] (...) -- C:\Users\Sofia\AppData\LocalLow\prvlcl.dat [1052280]
[MD5.0FB6D382FA5FBF72D05FC2A4503B7DF2] [SPRF][10/07/2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Users\Sofia\Desktop\malwarebytes-anti-malware.exe [10156344]
[MD5.B9F4EFC6CA48696DA3F1567784CA1D43] [SPRF][11/07/2013] (...) -- C:\Users\Sofia\Desktop\RogueKiller.exe [915456]
[MD5.39AB3591CD37F26ACD0E5DA5157CCBC3] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\catalog.dat [2504]
[MD5.605B554657988C0FDD77B9F226F4D8B3] [SPRF][10/03/2010] (.Symantec Corporation - Symantec Engine Common Object Model Server.) -- C:\Windows\Downloaded Program Files\ecmsvr32.dll [259440]
[MD5.919772D7F67C99674D85965268D2A901] [SPRF][08/09/2008] (.Kiwee - Installer Control.) -- C:\Windows\Downloaded Program Files\InstallerControl.dll [204800]
[MD5.7E6B506E93FA06BFE7148E2D526CD675] [SPRF][10/03/2010] (.Symantec Corporation - AV Engine.) -- C:\Windows\Downloaded Program Files\naveng32.dll [177520]
[MD5.EB4830A250D7D6AF1FD73F2874D96241] [SPRF][10/03/2010] (.Symantec Corporation - AV Engine.) -- C:\Windows\Downloaded Program Files\navex32a.dll [1647984]
[MD5.5ADC8BBD043787A49C894347B8CF330D] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\scrauth.dat [97776]
[MD5.D625CB7C74DEE36AE74FFBC5B7A385B2] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcdefs.dat [2352850]
[MD5.D51D7915C5EDF2EF1E40B724ACE27789] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcscan7.dat [20332948]
[MD5.2C856D48A7F05E857559B7AD422209B3] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcscan8.dat [194843]
[MD5.60AD909F0C2DC1CB461436469124EAB9] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tcscan9.dat [572496]
[MD5.4038FBC57D1C1B571BB257F8E7E4CFBD] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tinf.dat [453]
[MD5.F482930D99D74BCD79CB09F2E88BB7F7] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tinfidx.dat [148]
[MD5.F3074DCEE278C0157F178495B5628EC1] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tinfl.dat [1957]
[MD5.993246013896AF95AB50E60E63801311] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tscan1.dat [73175]
[MD5.A2D94A904F1A68D21FD511614F1B85FD] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\tscan1hd.dat [3811]
[MD5.15263E27416D1FB600450387D9FF9C68] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan1.dat [1032513]
[MD5.509C2FCE69FCD14A04A66AB9BF0B4E7B] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan2.dat [573078]
[MD5.B16E66380A3A2021068F27F3AD0A3480] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan3.dat [155540]
[MD5.F85E67D580637A0372FF2D25A6C1CDAD] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan4.dat [320267]
[MD5.84EA219F181E121ECA0F00458C0FCC40] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan5.dat [15577134]
[MD5.BACB275A6F1A26E510CF1D8716A7BF87] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan6.dat [396772]
[MD5.9EFF2CB50191E958215D11721CBF7C65] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan7.dat [60924267]
[MD5.A91BAB2D71C22DBD478AEEA58D51139E] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan8.dat [1126277]
[MD5.21D24B2D576DBA8E8EC1E1925513594B] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscan9.dat [4662571]
[MD5.5359BBFB8A20EC94B6D028D78F0F8C25] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\virscant.dat [32]
[MD5.2EA09C8B4B4669C516433AE31982E259] [SPRF][10/03/2010] (...) -- C:\Windows\Downloaded Program Files\zdone.dat [224]
~ Files: Scanned in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : v2.12720 - (10/07/2013)
Clés trouvées (Keys found) : 16
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 13
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\freeze.com] =>Adware.BHO
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKCU\Software\Tuto4pc] =>PUP.Eorezo
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar] =>Toolbar.DeltaSearch
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}] =>Toolbar.eDataSecurity
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}] =>Toolbar.eDataSecurity
[HKLM\Software\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}] =>Toolbar.eDataSecurity
C:\Program Files\Duuqu =>Toolbar.DeltaSearch
C:\Program Files\FrameFox =>Toolbar.DeltaSearch
C:\Program Files\Startertv =>Adware.StarterTV
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\Sofia\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Sofia\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\Sofia\AppData\Roaming\Disk Cleaner =>Rogue.DiskCleaner
C:\Users\Sofia\AppData\Local\Duuqu =>Toolbar.DeltaSearch
C:\Users\Sofia\AppData\Local\EoRezo =>PUP.Eorezo
C:\Users\Sofia\AppData\Local\startertv_fr_3 =>Adware.StarterTV
C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch
C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiofjbkodmcfkhmljgdmjcildliojoli =>Toolbar.DeltaSearch
C:\Users\Sofia\AppData\Roaming\Mozilla\Firefox\Profiles\ifdqxd5d.default\Extensions\***@*** =>Toolbar.Babylon
~ Additionnel Scan: 351201 Items scanned in 00mn 43s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 28672 | (AcerMemUsageCheckService) . (...) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SR - | Auto 03/01/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 30/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 50688 | (ALaunchService) . (...) - C:\Acer\ALaunch\ALaunchSvc.exe
SS - | Auto 01/12/2011 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SS - | Auto 01/12/2011 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 11/07/2013 98360 | (dqupdate) . (.Duuqu Group.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe =>Toolbar.DeltaSearch
SS - | Demand 11/07/2013 98360 | (dqupdatem) . (.Duuqu Group.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe =>Toolbar.DeltaSearch
SR - | Auto 10/09/2007 57344 | (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
SS - | Auto 12/04/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/04/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Demand 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 09/09/2012 821648 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 01/05/2011 311744 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 262247 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SS - | Demand 29/04/2008 572928 | (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 31/08/2007 39408 | ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) . (.Cyberlink Corp..) - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
~ Services: Scanned in 00mn 01s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Sofia at 14/07/2013 01:01:31

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ndis.sys nvmfdx32.sys nvlddmkm.sys dxgkrnl.sys
C:\Windows\system32\DRIVERS\nvmfdx32.sys NVIDIA Corporation NVIDIA Networking Driver
C:\Windows\system32\DRIVERS\nvlddmkm.sys NVIDIA Corporation NVIDIA Windows Kernel Mode Driver, Version 311.06
1 ntkrnlpa!IofCallDriver[0x8424E916] >> \Device\Harddisk0\DR0[0x888A15B0]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Sofia at 14/07/2013 01:01:33

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Malicius Software Information
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/30068076-pup-paretologic =>PUP.Paretologic
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/29259213-adware-startertv =>Adware.StarterTV
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>Spyware.AgenceExclusive
~ MSI: 10 link(s) detected in 00mn 04s



~ 1726 Legitimates filtered by white list
billmaxime - 14 July 2013 at 07:57
hi Dina,

please do this

run zhpfix as administrator (right-click)

copy all the text from this link https://www.cjoint.com/c/CGoh4317Ojh

click the 2nd button at the top left (paste clipboard)

click GO at the bottom of the page and confirm with yes to start cleaning the data

the report will appear on your desktop and in C:\zhpfix.txt

post the report via this link https://www.cjoint.com/

see you

Hi

Here is the link http://cjoint.com/?CGoqjPSEkU5

Have a good Sunday
billmaxime - 14 July 2013 at 16:55
hi again

and how is the pc doing?

see you
It seems to be doing better. Tell me, can I use the same steps to clean my laptop?

See you
billmaxime - 15 July 2013 at 08:04
hi Dina

It seems to be doing better. Tell me, can I use the same steps to clean my laptop?


no, because depending on the infection we don't run the same tools

we'll look at your laptop once we're done with this one
======================================================
if you have no more problems with this pc, you can do this

download delfix to your desktop

the link http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/9-delfix

run it as administrator (right-click)

check that all the boxes are ticked

click run

the report will appear on your desktop and in C:\delfix.txt

post the report via a copy/paste

see you
Hello,

I just ran delfix and it gives me an error message.

AutoIt Error
Line 84 (file "C:/Users/Sofia/AppData/Local/Microsoft/Windows/TemporaryInternetFiles/Content.IES/TWZBUS3I/delfix.exe"
Error; The requested action with this object has failed

That's my error message.

The ZHPDiag report

Sorry

Thanks
billmaxime - 17 July 2013 at 06:35
hi Dina,

delete "delfix" and download it again, tell me if it works

see you


hi Bill,

I deleted and reinstalled delfix but it gives me the same error.

That's it, have a good day